Multi agent system for network attack classification using flow-based intrusion detection

Intrusion Detection (ID) is essential for protecting contemporary computer networks from a range of threats. Modern ID techniques must cope with increasingly sophisticated attacks as well as rapidly rising network line speeds. Signature-based ID is forced to sample sparsely, increasing the likelihood of malicious traffic entering the network without scrutiny. Consequently, flow-based ID is gaining attention as an effective complement. ID systems are furthermore often characterized as either network-based or host-based. The autonomous multi agent design paradigm is a scalable, attractive alternative for its potential to leverage the strengths of both architectures: the broad perspective and visibility into distributed malicious activity provided by network-based ID, and the comprehensive view of the local node provided by host-based ID. This paper therefore develops an architecture for a new multi agent, flow-based intrusion detection sysem. The architecture is designed in two iterations of increasing complexity. These innovative ID designs use a “repuation” system to permit agents to dynamically find nodes that are most effective for classifying malicious network activity. Furthermore, each system design includes the development of an innovative classifier that uses multi objective evolutionary algorithms to aid in the search for effective operational parameter values. Evaluation using an extensive agent simulation framework highlights the conditions under which the reputation system provides a significant classification benefit.

[1]  Bryan Krekel,et al.  Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation , 2009 .

[2]  Lik Mui,et al.  Notions of reputation in multi-agents systems: a review , 2002, AAMAS '02.

[3]  Chhaya Das,et al.  Analysis of Distributed Intrusion Detection Systems Using Mobile Agents , 2008, 2008 First International Conference on Emerging Trends in Engineering and Technology.

[4]  V. Paxson,et al.  WHERE MATHEMATICS MEETS THE INTERNET , 1998 .

[5]  Songwu Lu,et al.  Random flow network modeling and simulations for DDoS attack mitigation , 2003, IEEE International Conference on Communications, 2003. ICC '03..

[6]  B. Melamed,et al.  Traffic modeling for telecommunications networks , 1994, IEEE Communications Magazine.

[7]  David G. Stork,et al.  Pattern classification, 2nd Edition , 2000 .

[8]  M. Becchi From Poisson Processes to Self-Similarity: a Survey of Network Traffic Models , 2006 .

[9]  Robert Tibshirani,et al.  The Elements of Statistical Learning: Data Mining, Inference, and Prediction, 2nd Edition , 2001, Springer Series in Statistics.

[10]  D. Ruppert The Elements of Statistical Learning: Data Mining, Inference, and Prediction , 2004 .

[11]  Gary B. Lamont,et al.  Multi agent systems on military networks , 2011, 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS).

[12]  Gary B. Lamont,et al.  Self organized multi-agent entangled hierarchies for network security , 2009, GECCO '09.

[13]  Wayne A. Jansen,et al.  Intrusion detection with mobile agents , 2002, Comput. Commun..

[14]  Sean Luke,et al.  MASON: A New Multi-Agent Simulation Toolkit , 2004 .

[15]  Albert,et al.  Emergence of scaling in random networks , 1999, Science.

[16]  Aiko Pras,et al.  An Overview of IP Flow-Based Intrusion Detection , 2010, IEEE Communications Surveys & Tutorials.